def test_create_with_mention(self):
self.log_user()
rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc'
text = '@%s check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN
params = {
'text': text,
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='changeset',
action='comment',
repo_name=base.HG_REPO,
revision=rev),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(
base.url(controller='changeset',
action='index',
repo_name=base.HG_REPO,
revision=rev))
response.mustcontain('''<div class="comments-number">'''
''' 1 comment (0 inline, 1 general)''')
response.mustcontain('<b>@%s</b> check CommentOnRevision' %
base.TEST_USER_REGULAR_LOGIN)
# test DB
assert ChangesetComment.query().count() == 1
def test_changeset_range(self):
#print self.app.get(base.url(controller='changelog', action='index', repo_name=base.HG_REPO))
response = self.app.get(
base.url(
controller='changeset',
action='index',
repo_name=base.HG_REPO,
revision=
'a53d9201d4bc278910d416d94941b7ea007ecd52...96507bd11ecc815ebc6270fdf6db110928c09c1e'
))
response = self.app.get(
base.url(controller='changeset',
action='changeset_raw',
repo_name=base.HG_REPO,
revision='a53d9201d4bc278910d416d94941b7ea007ecd52'))
response = self.app.get(
base.url(controller='changeset',
action='changeset_patch',
repo_name=base.HG_REPO,
revision='a53d9201d4bc278910d416d94941b7ea007ecd52'))
response = self.app.get(
base.url(controller='changeset',
action='changeset_download',
repo_name=base.HG_REPO,
revision='a53d9201d4bc278910d416d94941b7ea007ecd52'))
def test_my_account_remove_ssh_key(self):
description = ''
public_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ== me@localhost'
fingerprint = 'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8'
self.log_user(base.TEST_USER_REGULAR2_LOGIN,
base.TEST_USER_REGULAR2_PASS)
response = self.app.post(
base.url('my_account_ssh_keys'), {
'description': description,
'public_key': public_key,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response,
'SSH key %s successfully added' % fingerprint)
response.follow()
user_id = response.session['authuser']['user_id']
ssh_key = UserSshKeys.query().filter(
UserSshKeys.user_id == user_id).one()
assert ssh_key.description == 'me@localhost'
response = self.app.post(
base.url('my_account_ssh_keys_delete'), {
'del_public_key_fingerprint': ssh_key.fingerprint,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'SSH key successfully deleted')
keys = UserSshKeys.query().all()
assert 0 == len(keys)
def test_create(self):
self.log_user()
pr_id = self._create_pr()
text = 'general comment on pullrequest'
params = {
'text': text,
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(
base.url(controller='pullrequests',
action='show',
repo_name=base.HG_REPO,
pull_request_id=pr_id,
extra=''))
# PRs currently always have an initial 'Under Review' status change
# that counts as a general comment, hence '2' in the test below. That
# could be counted as a misfeature, to be reworked later.
response.mustcontain('''<div class="comments-number">'''
''' 2 comments (0 inline, 2 general)''')
response.mustcontain(text)
# test DB
assert ChangesetComment.query().count() == 2
def test_create_status_change(self):
self.log_user()
rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc'
text = 'general comment on changeset'
params = {
'text': text,
'changeset_status': 'rejected',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='changeset',
action='comment',
repo_name=base.HG_REPO,
revision=rev),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(
base.url(controller='changeset',
action='index',
repo_name=base.HG_REPO,
revision=rev))
response.mustcontain('''<div class="comments-number">'''
''' 1 comment (0 inline, 1 general)''')
response.mustcontain(text)
# test DB
assert ChangesetComment.query().count() == 1
# check status
status = ChangesetStatusModel().get_status(repo=base.HG_REPO,
revision=rev)
assert status == 'rejected'
def test_remove_api_key(self):
self.log_user()
user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)
user_id = user.user_id
response = self.app.post(
base.url('edit_user_api_keys_update', id=user_id), {
'description': 'desc',
'lifetime': -1,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'API key successfully created')
response = response.follow()
# now delete our key
keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()
assert 1 == len(keys)
response = self.app.post(
base.url('edit_user_api_keys_delete', id=user_id), {
'del_api_key': keys[0].api_key,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'API key successfully deleted')
keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()
assert 0 == len(keys)
def test_create_with_mention(self):
self.log_user()
pr_id = self._create_pr()
text = '@%s check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN
params = {
'text': text,
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(
base.url(controller='pullrequests',
action='show',
repo_name=base.HG_REPO,
pull_request_id=pr_id,
extra=''))
response.mustcontain('''<div class="comments-number">'''
''' 2 comments (0 inline, 2 general)''')
response.mustcontain('<b>@%s</b> check CommentOnRevision' %
base.TEST_USER_REGULAR_LOGIN)
# test DB
assert ChangesetComment.query().count() == 2
def test_delete_user_group_err(self):
self.log_user()
username = '******'
groupname = 'usergroup_fail'
fixture.create_user(name=username)
ug = fixture.create_user_group(name=groupname, cur_user=username)
new_user = Session().query(User) \
.filter(User.username == username).one()
response = self.app.post(base.url('delete_user', id=new_user.user_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(
response, 'User "%s" still '
'owns 1 user groups and cannot be removed. '
'Switch owners or remove those user groups: '
'%s' % (username, groupname))
# TODO: why do this fail?
#response = self.app.delete(base.url('delete_users_group', id=groupname))
#self.checkSessionFlash(response, 'Removed user group %s' % groupname)
fixture.destroy_user_group(ug.users_group_id)
response = self.app.post(base.url('delete_user', id=new_user.user_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'Successfully deleted user')
def test_delete_ip(self, auto_clear_ip_permissions):
self.log_user()
user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)
user_id = user.user_id
ip = '127.0.0.1/32'
ip_range = '127.0.0.1 - 127.0.0.1'
with test_context(self.app):
new_ip = UserModel().add_extra_ip(user_id, ip)
Session().commit()
new_ip_id = new_ip.ip_id
response = self.app.get(base.url('edit_user_ips', id=user_id))
response.mustcontain(ip)
response.mustcontain(ip_range)
self.app.post(
base.url('edit_user_ips_delete', id=user_id),
params=dict(
del_ip_id=new_ip_id,
_session_csrf_secret_token=self.session_csrf_secret_token()))
response = self.app.get(base.url('edit_user_ips', id=user_id))
response.mustcontain('All IP addresses are allowed')
response.mustcontain(no=[ip])
response.mustcontain(no=[ip_range])
def test_close_pr(self):
self.log_user()
pr_id = self._create_pr()
text = 'general comment on pullrequest'
params = {
'text': text,
'save_close': 'close',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(
base.url(controller='pullrequests',
action='show',
repo_name=base.HG_REPO,
pull_request_id=pr_id,
extra=''))
response.mustcontain('''title (Closed)''')
response.mustcontain(text)
# test DB
assert PullRequest.get(pr_id).status == PullRequest.STATUS_CLOSED
def test_delete_repo_err(self):
self.log_user()
username = '******'
reponame = 'repoerr_fail'
fixture.create_user(name=username)
fixture.create_repo(name=reponame, cur_user=username)
new_user = Session().query(User) \
.filter(User.username == username).one()
response = self.app.post(base.url('delete_user', id=new_user.user_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(
response, 'User "%s" still '
'owns 1 repositories and cannot be removed. '
'Switch owners or remove those repositories: '
'%s' % (username, reponame))
response = self.app.post(base.url('delete_repo', repo_name=reponame),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'Deleted repository %s' % reponame)
response = self.app.post(base.url('delete_user', id=new_user.user_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'Successfully deleted user')
def test_create_custom_hook(self):
self.log_user()
response = self.app.post(base.url('admin_settings_hooks'),
params=dict(new_hook_ui_key='test_hooks_1',
new_hook_ui_value='cd %s' % base.TESTS_TMP_PATH,
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response, 'Added new hook')
response = response.follow()
response.mustcontain('test_hooks_1')
response.mustcontain('cd %s' % base.TESTS_TMP_PATH)
# test_edit_custom_hook
response = self.app.post(base.url('admin_settings_hooks'),
params=dict(hook_ui_key='test_hooks_1',
hook_ui_value='old_value_of_hook_1',
hook_ui_value_new='new_value_of_hook_1',
_session_csrf_secret_token=self.session_csrf_secret_token()))
response = response.follow()
response.mustcontain('test_hooks_1')
response.mustcontain('new_value_of_hook_1')
# test_add_existing_custom_hook
response = self.app.post(base.url('admin_settings_hooks'),
params=dict(new_hook_ui_key='test_hooks_1',
new_hook_ui_value='attempted_new_value',
_session_csrf_secret_token=self.session_csrf_secret_token()))
self.checkSessionFlash(response, 'Hook already exists')
response = response.follow()
response.mustcontain('test_hooks_1')
response.mustcontain('new_value_of_hook_1')
def test_delete_pr(self):
self.log_user()
pr_id = self._create_pr()
text = 'general comment on pullrequest'
params = {
'text': text,
'save_delete': 'delete',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
# Test response...
assert response.status == '200 OK'
response = self.app.get(base.url(controller='pullrequests',
action='show',
repo_name=base.HG_REPO,
pull_request_id=pr_id,
extra=''),
status=404)
# test DB
assert PullRequest.get(pr_id) is None
def test_delete_closed_pr(self):
self.log_user()
pr_id = self._create_pr()
# first close
text = 'general comment on pullrequest'
params = {
'text': text,
'save_close': 'close',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'})
assert response.status == '200 OK'
# attempt delete, should fail
params = {
'text': text,
'save_delete': 'delete',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
response = self.app.post(base.url(controller='pullrequests',
action='comment',
repo_name=base.HG_REPO,
pull_request_id=pr_id),
params=params,
extra_environ={'HTTP_X_PARTIAL_XHR': '1'},
status=403)
# verify that PR still exists, in closed state
assert PullRequest.get(pr_id).status == PullRequest.STATUS_CLOSED
def test_index_trending_git(self):
self.log_user()
# codes stats
self._enable_stats(base.GIT_REPO)
ScmModel().mark_for_invalidation(base.GIT_REPO)
# generate statistics first
response = self.app.get(
base.url(controller='summary',
action='statistics',
repo_name=base.GIT_REPO))
response = self.app.get(
base.url(controller='summary',
action='index',
repo_name=base.GIT_REPO))
response.mustcontain(
'[["py", {"count": 68, "desc": ["Python"]}], '
'["rst", {"count": 16, "desc": ["Rst"]}], '
'["css", {"count": 2, "desc": ["Css"]}], '
'["sh", {"count": 2, "desc": ["Bash"]}], '
'["bat", {"count": 1, "desc": ["Batch"]}], '
'["cfg", {"count": 1, "desc": ["Ini"]}], '
'["html", {"count": 1, "desc": ["EvoqueHtml", "Html"]}], '
'["ini", {"count": 1, "desc": ["Ini"]}], '
'["js", {"count": 1, "desc": ["Javascript"]}], '
'["makefile", {"count": 1, "desc": ["Makefile", "Makefile"]}]]', )
def test_my_account_remove_api_key(self):
usr = self.log_user(base.TEST_USER_REGULAR2_LOGIN,
base.TEST_USER_REGULAR2_PASS)
user = User.get(usr['user_id'])
response = self.app.post(
base.url('my_account_api_keys'), {
'description': 'desc',
'lifetime': -1,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'API key successfully created')
response = response.follow()
# now delete our key
keys = UserApiKeys.query().all()
assert 1 == len(keys)
response = self.app.post(
base.url('my_account_api_keys_delete'), {
'del_api_key': keys[0].api_key,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'API key successfully deleted')
keys = UserApiKeys.query().all()
assert 0 == len(keys)
def _api_key_test(self, api_key, status):
"""Verifies HTTP status code for accessing an auth-requiring page,
using the given api_key URL parameter as well as using the API key
with bearer authentication.
If api_key is None, no api_key is passed at all. If api_key is True,
a real, working API key is used.
"""
with fixture.anon_access(False):
if api_key is None:
params = {}
headers = {}
else:
if api_key is True:
api_key = User.get_first_admin().api_key
params = {'api_key': api_key}
headers = {'Authorization': 'Bearer ' + str(api_key)}
self.app.get(base.url(controller='changeset', action='changeset_raw',
repo_name=base.HG_REPO, revision='tip', **params),
status=status)
self.app.get(base.url(controller='changeset', action='changeset_raw',
repo_name=base.HG_REPO, revision='tip'),
headers=headers,
status=status)
def test_delete(self):
self.log_user()
users_group_name = TEST_USER_GROUP + 'another'
response = self.app.post(
base.url('users_groups'), {
'users_group_name': users_group_name,
'user_group_description': 'DESC',
'active': True,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response.follow()
self.checkSessionFlash(response, 'Created user group ')
gr = Session().query(UserGroup) \
.filter(UserGroup.users_group_name == users_group_name).one()
response = self.app.post(base.url('delete_users_group',
id=gr.users_group_id),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
gr = Session().query(UserGroup) \
.filter(UserGroup.users_group_name == users_group_name).scalar()
assert gr is None
def test_case_insensitivity(self):
self.log_user()
repo_name = self.NEW_REPO
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
_session_csrf_secret_token=self.session_csrf_secret_token()))
# try to create repo with swapped case
swapped_repo_name = repo_name.swapcase()
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=swapped_repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
_session_csrf_secret_token=self.session_csrf_secret_token()))
response.mustcontain('already exists')
RepoModel().delete(repo_name)
Session().commit()
def test_create_in_group(self):
self.log_user()
## create GROUP
group_name = 'sometest_%s' % self.REPO_TYPE
gr = RepoGroupModel().create(group_name=group_name,
group_description='test',
owner=base.TEST_USER_ADMIN_LOGIN)
Session().commit()
repo_name = 'ingroup'
repo_name_full = db.URL_SEP.join([group_name, repo_name])
description = 'description for newly created repo'
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
repo_group=gr.group_id,
_session_csrf_secret_token=self.session_csrf_secret_token()))
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=repo_name_full))
assert response.json == {'result': True}
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(repo_name_full, repo_name_full))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name_full).one()
new_repo_id = new_repo.repo_id
assert new_repo.repo_name == repo_name_full
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(
base.url('summary_home', repo_name=repo_name_full))
response.mustcontain(repo_name_full)
response.mustcontain(self.REPO_TYPE)
inherited_perms = UserRepoToPerm.query() \
.filter(UserRepoToPerm.repository_id == new_repo_id).all()
assert len(inherited_perms) == 1
# test if the repository was created on filesystem
try:
vcs.get_repo(
os.path.join(
Ui.get_by_key('paths', '/').ui_value, repo_name_full))
except vcs.exceptions.VCSError:
RepoGroupModel().delete(group_name)
Session().commit()
pytest.fail('no repo %s in filesystem' % repo_name)
RepoModel().delete(repo_name_full)
RepoGroupModel().delete(group_name)
Session().commit()
def test_my_account_my_emails_add_remove(self):
self.log_user()
response = self.app.get(base.url('my_account_emails'))
response.mustcontain('No additional emails specified')
response = self.app.post(
base.url('my_account_emails'), {
'new_email': '*****@*****.**',
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
response = self.app.get(base.url('my_account_emails'))
from kallithea.model.db import UserEmailMap
email_id = UserEmailMap.query() \
.filter(UserEmailMap.user == User.get_by_username(base.TEST_USER_ADMIN_LOGIN)) \
.filter(UserEmailMap.email == '*****@*****.**').one().email_id
response.mustcontain('*****@*****.**')
response.mustcontain(
'<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />'
% email_id)
response = self.app.post(
base.url('my_account_emails_delete'), {
'del_email_id': email_id,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'Removed email from user')
response = self.app.get(base.url('my_account_emails'))
response.mustcontain('No additional emails specified')
def test_my_account_my_emails_add_missing_email_in_form(self):
self.log_user()
response = self.app.get(base.url('my_account_emails'))
response.mustcontain('No additional emails specified')
response = self.app.post(
base.url('my_account_emails'),
{'_session_csrf_secret_token': self.session_csrf_secret_token()})
self.checkSessionFlash(response, 'Please enter an email address')
def test_redirection_after_successful_login_preserves_get_args(self, args, args_encoded):
response = self.app.post(base.url(controller='login', action='index',
came_from=base.url('/_admin/users', **args)),
{'username': base.TEST_USER_ADMIN_LOGIN,
'password': base.TEST_USER_ADMIN_PASS,
'_session_csrf_secret_token': self.session_csrf_secret_token()})
assert response.status == '302 Found'
for encoded in args_encoded:
assert encoded in response.location
def test_delete_non_ascii(self):
self.log_user()
non_ascii = "ąęł"
repo_name = "%s%s" % (self.NEW_REPO, non_ascii)
description = 'description for newly created repo' + non_ascii
response = self.app.post(
base.url('repos'),
fixture._get_repo_create_params(
repo_private=False,
repo_name=repo_name,
repo_type=self.REPO_TYPE,
repo_description=description,
_session_csrf_secret_token=self.session_csrf_secret_token()))
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=repo_name))
assert response.json == {'result': True}
self.checkSessionFlash(
response, 'Created repository <a href="/%s">%s</a>' %
(urllib.parse.quote(repo_name), repo_name))
# test if the repo was created in the database
new_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name).one()
assert new_repo.repo_name == repo_name
assert new_repo.description == description
# test if the repository is visible in the list ?
response = self.app.get(base.url('summary_home', repo_name=repo_name))
response.mustcontain(repo_name)
response.mustcontain(self.REPO_TYPE)
# test if the repository was created on filesystem
try:
vcs.get_repo(
os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name))
except vcs.exceptions.VCSError:
pytest.fail('no repo %s in filesystem' % repo_name)
response = self.app.post(base.url('delete_repo', repo_name=repo_name),
params={
'_session_csrf_secret_token':
self.session_csrf_secret_token()
})
self.checkSessionFlash(response, 'Deleted repository %s' % (repo_name))
response.follow()
# check if repo was deleted from db
deleted_repo = Session().query(Repository) \
.filter(Repository.repo_name == repo_name).scalar()
assert deleted_repo is None
assert os.path.isdir(
os.path.join(Ui.get_by_key('paths', '/').ui_value,
repo_name)) == False
def test_edit_permissions_permissions(self):
user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN)
# Test unauthenticated access - it will redirect to login page
response = self.app.post(
base.url('edit_repo_perms_update', repo_name=base.HG_REPO),
params=dict(
perm_new_member_1='repository.read',
perm_new_member_name_1=user.username,
perm_new_member_type_1='user',
_session_csrf_secret_token=self.session_csrf_secret_token()),
status=302)
assert not response.location.endswith(
base.url('edit_repo_perms_update', repo_name=base.HG_REPO))
assert response.location.endswith(
base.url('login_home',
came_from=base.url('edit_repo_perms_update',
repo_name=base.HG_REPO)))
response = self.app.post(
base.url('edit_repo_perms_revoke', repo_name=base.HG_REPO),
params=dict(
obj_type='user',
user_id=user.user_id,
_session_csrf_secret_token=self.session_csrf_secret_token()),
status=302)
assert response.location.endswith(
base.url('login_home',
came_from=base.url('edit_repo_perms_revoke',
repo_name=base.HG_REPO)))
# Test authenticated access
self.log_user()
response = self.app.post(
base.url('edit_repo_perms_update', repo_name=base.HG_REPO),
params=dict(
perm_new_member_1='repository.read',
perm_new_member_name_1=user.username,
perm_new_member_type_1='user',
_session_csrf_secret_token=self.session_csrf_secret_token()),
status=302)
assert response.location.endswith(
base.url('edit_repo_perms_update', repo_name=base.HG_REPO))
response = self.app.post(
base.url('edit_repo_perms_revoke', repo_name=base.HG_REPO),
params=dict(
obj_type='user',
user_id=user.user_id,
_session_csrf_secret_token=self.session_csrf_secret_token()),
status=200)
assert not response.body
def test_login_form_after_incorrect_login_preserves_get_args(self, args, args_encoded):
response = self.app.post(base.url(controller='login', action='index',
came_from=base.url('/_admin/users', **args)),
{'username': '******',
'password': '******',
'_session_csrf_secret_token': self.session_csrf_secret_token()})
response.mustcontain('Invalid username or password')
came_from = urllib.parse.parse_qs(urllib.parse.urlparse(response.form.action).query)['came_from'][0]
for encoded in args_encoded:
assert encoded in came_from
def test_my_account_my_emails_add_existing_email(self):
self.log_user()
response = self.app.get(base.url('my_account_emails'))
response.mustcontain('No additional emails specified')
response = self.app.post(
base.url('my_account_emails'), {
'new_email': base.TEST_USER_REGULAR_EMAIL,
'_session_csrf_secret_token': self.session_csrf_secret_token()
})
self.checkSessionFlash(response,
'This email address is already in use')
def test_add_delete_ips(self, auto_clear_ip_permissions):
self.log_user()
default_user_id = kallithea.DEFAULT_USER_ID
# Add IP and verify it is shown in UI and both gives access and rejects
response = self.app.post(
base.url('edit_user_ips_update', id=default_user_id),
params=dict(
new_ip='0.0.0.0/24',
_session_csrf_secret_token=self.session_csrf_secret_token()))
base.invalidate_all_caches()
response = self.app.get(base.url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '0.0.0.1'})
response.mustcontain('0.0.0.0/24')
response.mustcontain('0.0.0.0 - 0.0.0.255')
response = self.app.get(base.url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '0.0.1.1'},
status=403)
# Add another IP and verify previously rejected now works
response = self.app.post(
base.url('edit_user_ips_update', id=default_user_id),
params=dict(
new_ip='0.0.1.0/24',
_session_csrf_secret_token=self.session_csrf_secret_token()))
base.invalidate_all_caches()
response = self.app.get(base.url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '0.0.1.1'})
# Delete latest IP and verify same IP is rejected again
x = UserIpMap.query().filter_by(ip_addr='0.0.1.0/24').first()
response = self.app.post(
base.url('edit_user_ips_delete', id=default_user_id),
params=dict(
del_ip_id=x.ip_id,
_session_csrf_secret_token=self.session_csrf_secret_token()))
base.invalidate_all_caches()
response = self.app.get(base.url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '0.0.1.1'},
status=403)
# Delete first IP and verify unlimited access again
x = UserIpMap.query().filter_by(ip_addr='0.0.0.0/24').first()
response = self.app.post(
base.url('edit_user_ips_delete', id=default_user_id),
params=dict(
del_ip_id=x.ip_id,
_session_csrf_secret_token=self.session_csrf_secret_token()))
base.invalidate_all_caches()
response = self.app.get(base.url('admin_permissions_ips'),
extra_environ={'REMOTE_ADDR': '0.0.1.1'})
def test_fork_create_into_group(self):
self.log_user()
group = fixture.create_repo_group('vc')
group_id = group.group_id
fork_name = self.REPO_FORK
fork_name_full = 'vc/%s' % fork_name
description = 'fork of vcs test'
repo_name = self.REPO
org_repo = Repository.get_by_repo_name(repo_name)
creation_args = {
'repo_name': fork_name,
'repo_group': group_id,
'fork_parent_id': org_repo.repo_id,
'repo_type': self.REPO_TYPE,
'description': description,
'private': 'False',
'landing_rev': 'rev:tip',
'_session_csrf_secret_token': self.session_csrf_secret_token()
}
self.app.post(
base.url(controller='forks',
action='fork_create',
repo_name=repo_name), creation_args)
repo = Repository.get_by_repo_name(fork_name_full)
assert repo.fork.repo_name == self.REPO
## run the check page that triggers the flash message
response = self.app.get(
base.url('repo_check_home', repo_name=fork_name_full))
# test if we have a message that fork is ok
self.checkSessionFlash(
response, 'Forked repository %s as <a href="/%s">%s</a>' %
(repo_name, fork_name_full, fork_name_full))
# test if the fork was created in the database
fork_repo = Session().query(Repository) \
.filter(Repository.repo_name == fork_name_full).one()
assert fork_repo.repo_name == fork_name_full
assert fork_repo.fork.repo_name == repo_name
# test if the repository is visible in the list ?
response = self.app.get(
base.url('summary_home', repo_name=fork_name_full))
response.mustcontain(fork_name_full)
response.mustcontain(self.REPO_TYPE)
response.mustcontain('Fork of "<a href="/%s">%s</a>"' %
(repo_name, repo_name))
fixture.destroy_repo(fork_name_full)
fixture.destroy_repo_group(group_id)
def test_case_insensitivity(self):
self.log_user()
group_name = 'newgroup'
response = self.app.post(url('repos_groups'),
fixture._get_repo_group_create_params(group_name=group_name,
_session_csrf_secret_token=self.session_csrf_secret_token()))
# try to create repo group with swapped case
swapped_group_name = group_name.swapcase()
response = self.app.post(url('repos_groups'),
fixture._get_repo_group_create_params(group_name=swapped_group_name,
_session_csrf_secret_token=self.session_csrf_secret_token()))
response.mustcontain('already exists')
RepoGroupModel().delete(group_name)
Session().commit()
def test_case_insensitivity(self):
self.log_user()
group_name = u'newgroup'
response = self.app.post(url('repos_groups'),
fixture._get_repo_group_create_params(group_name=group_name,
_authentication_token=self.authentication_token()))
# try to create repo group with swapped case
swapped_group_name = group_name.swapcase()
response = self.app.post(url('repos_groups'),
fixture._get_repo_group_create_params(group_name=swapped_group_name,
_authentication_token=self.authentication_token()))
response.mustcontain('already exists')
RepoGroupModel().delete(group_name)
Session().commit()
def test_banned_http_methods(self):
self.app.request(url(controller='login', action='index'), method='PUT', status=405)
self.app.request(url(controller='login', action='index'), method='DELETE', status=405)
def test_banned_http_method_override(self):
self.app.get(url(controller='login', action='index'), {'_method': 'POST'}, status=405)
self.app.post(url(controller='login', action='index'), {'_method': 'PUT'}, status=405)
